package xyz.scootaloo.mono.security.aop

import org.springframework.boot.web.servlet.FilterRegistrationBean
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.web.cors.CorsConfiguration
import org.springframework.web.cors.UrlBasedCorsConfigurationSource
import org.springframework.web.filter.CorsFilter
import xyz.scootaloo.mono.security.util.KW_HTTP


/**
 * 跨域设置
 *
 * @author flutterdash@qq.com
 * @since 2021/9/8 10:30
 */
@Configuration
class WebCorsFilter {

    @Bean
    fun corsFilter(): FilterRegistrationBean<CorsFilter?> {
        val source = UrlBasedCorsConfigurationSource()
        source.registerCorsConfiguration("/**", CorsConfiguration().apply {
            /**
             * Access-Control-Max-Age: 3600
             * Access-Control-Allow-Origin: *
             * Access-Control-Allow-Headers: *
             * Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
             */
            addAllowedOrigin("*")
            addAllowedHeader("*")
            addAllowedMethod("*")
            /**
             * 使得客户端可以访问这些属性
             */
            exposedHeaders = listOf(KW_HTTP.JWT_MARK)
        }) // CORS 配置对所有接口都有效
        return FilterRegistrationBean(CorsFilter(source)).apply {
            order = 0
        }
    }

}
